You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In popular E2E encryption methods, both side of a conversation should know connection state of each other. so they create a RSA keys in local machine and ask for handshake to other side to pass their publicKey to each other. this method should recall just when any of those want's to update her RSA.
The problem is when someone lost her connection or by any reason change her local RSA, the other side should know about this immediately, but we don't keep any conversation status on the server to do this (and of-course telling telling this to whole system is a wrong thing). So what if user X sent a message to user Y encrypted by a publicKey that doesn't exists on Y machine anymore?
So the current thing that i'm thinking about, is that all users should tell her publicKey plus a random number as a sign to server and server keeps those. when a user lost her connection or make a new RSA, server will know and update her status. So, when user X wants to message to user Y, first should ask server to get her publicKey and server will respond with user publicKey and the sign, so he can keep it on local. Now user X can actually encrypt message by that publicKey and attach the sign to the data. Whenever server get sendMessage request, first check status of message target, then check received sign by actual target user sign and if everything was ok, server will send a message to Y. any problem that happens during this process will throw an error to user X and he should re-ask for user YpublicKey and sign.
No description provided.
The text was updated successfully, but these errors were encountered: